Home // FSTC // News // How to secure the Internet of Things (IoT)?

How to secure the Internet of Things (IoT)?

twitter linkedin facebook google+ email this page
Published on Monday May 14 2018

The security issues on the Internet of Things (IoT) were at the top of the agenda during the Information Security Education Day (ISED) organised on 4 May 2018 by the University of Luxembourg and the Luxembourg Institute of Science and Technology (LIST). More than 50 participants from academia and industry attended the event on Belval campus.

Paul Heuschling

Nicolas Mayer

Jun Pang

Paul Heuschling, Dean of the Faculty of Science, Technology and Communication (FSTC), introduced the fourth edition of ISED by welcoming all the participants. Then, Nicolas Mayer, Course Director and Senior R&T Associate at IT for Innovative Services (ITIS) within the LIST presented the Master en management de la sécurité des systèmes d'information (MSSI) while Jun Pang, Research Scientist at the University of Luxembourg presented the topic. From connecting devices to human value, the Internet of Things refers to a network of physical objects that send and receive data automatically through the Internet. This technology requires more information exchange than ever, which raises many security questions.

Sylvain Kubler

Alain Herrmann

Sylvain Kubler, Associate Professor at the Research Center for Automatic Control of Nancy (CRAN) presented the European project bIoTope “Building an IoT OPen innovation Ecosystem for connected smart objects”. Funded by the Horizon 2020 programme, bIoTope provides a platform where companies can easily create new IoT systems and rapidly harness available information using advanced Systems-of-Systems (SoS) capabilities for Connected Smart Objects – with minimal investment.

Alain Herrmann, in charge of IT & New Technologies at the Commission Nationale pour la Protection des Données (CNPD) tackled the issue of IoT and personal data as there are a lot of stakeholders involved and multiple communication protocols. The General Data Protection Regulation (GDPR – EU 2016/679), which will enter into force on 25 May 2018, is already one step to protect and empower European citizens data privacy. But to specifically protect personal data in electronic communications, only the upcoming “ePrivacy Regulation”, which is expected for 2020, will establish a legal framework.

Alfredo Rial Duran

Carlo Harpes

Alfredo Rial Duran, Research Associate at SnT within the University of Luxembourg, focused on smart grid with its opportunities and threats. Smart meters enable for instance to save energy, prevent outages and increase efficiency but at the same time, they give a lot of personal information. Potential solutions include anonymization, trusted party, differential privacy but they all present disadvantages. On this occasion, he presented his research activities based on proof of knowledge and on zero-knowledge.

Carlo Harpes, Managing Director at itrust consulting, presented the efforts made at European and international levels to standardise the Internet of Things in order to protect individuals, businesses and governments that use the IoT. For instance, the European Union Agency for Network and Information Security (ENISA) published in November 2017 a study “Baseline Security Recommendations for IoT in the context of critical information infrastructures” to set the scene for IoT security in Europe.

Christophe Bianco

Edgar Biro

Christophe Bianco, Founder and Managing Partner at Excellium Services, gave his viewpoint on data security.

Edgar Biro, Member of the Club de la Sécurité de l'Information - Luxembourg (CLUSIL), stressed on risk management linked to IoT. Indeed, the variability of devices and systems, the dynamism and temporality of connections, the heterogeneity of actors and the link between these systems make IoT a top priority within companies. Thus, a new automated and continuous risk management approach is needed.

Finally, Olga Gadyatskaya, Research Associate at SnT within the University of Luxembourg joined Christophe Bianco, Carlo Harpes, and Sylvain Kubler to exchange their viewpoints during a round table moderated by Pascal Steichen, CEO at Securitymadein.lu.

The Information Security Education Day (ISED) is a yearly one-day event co-organized by the University of Luxembourg (Computer Science and Communication Research Unit - CSC) and the Luxembourg Institute of Science and Technology (LIST), sponsored by CLUSIL.

Pictures and presentations: https://ised.uni.lu